Audit Risk Starts with Positions, Not Payroll

Published On: March 9, 2026

Payroll accuracy won’t save you from audit risks. The real issue lies in how positions are created, approved, and documented. If a position lacks proper authorization, funding alignment, or qualifications, your organization is at risk – even if payroll runs flawlessly. Here’s why this matters:

  • Auditors ask tough questions: Was the position approved? Does it meet funding requirements? Are qualifications documented? Payroll systems can’t answer these.
  • Recent audits highlight this issue: In a 2023 OIG audit of CCBHC Expansion grants, auditors found that in 28 of 30 sampled grants, SAMHSA lacked procedures to verify whether clinics filled key personnel positions or met level-of-effort requirements.
  • Behavioral health is especially vulnerable: Federal and state grants, Medicaid, and staffing requirements demand strict documentation for positions. Weak governance creates gaps that auditors quickly identify during compliance reviews.

To avoid costly findings, focus on position governance: formal approvals, funding traceability, and lifecycle documentation. Payroll is only as good as the governance that comes before it.

Why Payroll Accuracy Creates a False Sense of Security

Even when payroll systems operate without a hitch, accurate payments can mask a critical issue: the lack of proper position governance. Payroll systems don’t verify whether a position was authorized, funded, or compliant with grant requirements. This gap highlights a key distinction – what payroll systems manage well versus where they fall short.

What Payroll Systems Handle Well

Payroll systems are excellent at their primary task: processing payments. They handle calculations for gross pay, manage tax withholdings like FICA and FUTA, allocate expenses to the correct general ledger accounts, and produce reports for financial reviews. Many modern systems even distribute labor costs across cost centers, provided the upstream governance is already in place. However, these systems assume that someone has already confirmed the position’s approval, secured funding, and ensured alignment with organizational budgets. Payroll systems process the data they receive—they do not verify whether a role was properly authorized, funded, or compliant with grant requirements.

What Payroll Systems Cannot Do

The cracks in these systems become evident during audits. Auditors often ask questions that payroll reports can’t answer, such as:

  • Was the position filled within the required timeframe for a grant agreement?
  • Does the employee meet federal funding requirements, like level-of-effort mandates?
  • Was the position formally approved before the hire, or was it created retroactively?

Payroll systems are not designed to track position governance, approvals, funding alignment, or compliance documentation. They can’t verify clinical credentials, confirm compliance with grant timelines, or detect undocumented changes in responsibilities or funding sources.

“Audit readiness is not about perfection, it’s about systems that support consistency and transparency, even in day-to-day operations.” – John Lynch & Associates 

Real-world examples highlight these limitations. In January 2026, the Minnesota Office of the Legislative Auditor reported that the Behavioral Health Administration paid grantees for work performed before grant agreements were fully executed. While the payroll system accurately processed these payments, the lack of documented approval led to a major audit finding.

This issue is particularly concerning for organizations with tight financial margins. Many community health centers operate with very limited reserves—often 90 days of cash or less—according to national health center financial reports. When audits uncover questioned costs due to missing governance, the financial consequences can be severe. Even flawless payroll execution cannot protect an organization during an audit if it cannot demonstrate that the position was properly authorized, funded, and documented from the start.

Where Audit Risk Actually Begins: Position Governance

Audit risk often begins before payroll processing—during the creation, approval, funding alignment, and documentation of positions. Auditors trace every step back from the payroll report, meaning a single missing or flawed piece of documentation in this chain can expose an organization to risk, even if every paycheck is processed correctly.

How Position Governance Works

The process of position governance follows a specific sequence: position approval → funding alignment → hiring → staffing → payroll → reporting. Each step requires thorough documentation. For example, a position description must outline the necessary training and qualifications for the approved responsibilities. Funding sources need to be identified using grant segment codes that tie the role to specific federal awards. If the position is grant-funded, the organization must also ensure that the employee meets level-of-effort requirements – meaning their time commitment aligns with the grant application. Any significant changes, such as a CEO or Project Director reducing their time by 25% or more, or extended vacancies, must be documented and approved promptly.

Relying on informal processes – like email approvals, verbal agreements, or spreadsheet tracking – can weaken the audit trail. Miscommunication between Finance and HR often unravels under audit scrutiny. This highlights why every step of documentation is essential: it’s not just about payroll accuracy, but about establishing a solid governance framework that drives audit readiness.

Real Scenarios of Audit Risk from Weak Governance

When documentation is incomplete or processes are informal, the risks aren’t hypothetical – they’re real, as shown in several cases.

In September 2023, the HHS Office of Inspector General audited $447 million in CCBHC Expansion grants distributed by SAMHSA. From a sample of 30 grants totaling $79 million, auditors found that for 28 grants, SAMHSA lacked procedures to verify whether clinics had filled key personnel positions or if those personnel met level-of-effort requirements. This oversight raised concerns that grant funds might not have been used as intended, and that unqualified individuals could have been managing federal funds.

Another example comes from Minnesota. In January 2026, the Minnesota Office of the Legislative Auditor discovered that the Behavioral Health Administration paid grantees for work completed before grant agreements were finalized. Additionally, overpayments occurred due to inadequate financial reconciliation between grant and accounting systems. These governance failures happened despite accurate payroll processes, illustrating how weak upstream controls can lead to significant issues.

These scenarios highlight the risks tied to poor position governance. For instance, a state grant-funded role continues after the grant terms change, but no one updates the documentation. A vacant funded position remains unfilled, leading to overtime costs that obscure funding alignment. Or, an employee’s responsibilities shift across cost centers, but the position approval isn’t updated. Even when payroll runs perfectly, these upstream gaps quietly build audit risk. These examples illustrate that many audit risks originate upstream in position governance rather than payroll processing itself.

Why Behavioral Health Organizations Face Higher Audit Risk

Behavioral health organizations operate within a maze of overlapping regulations – CCBHC certification, Medicaid billing, state grants, and federal mandates. Each funding source brings its own set of rules, from staffing requirements to documentation standards and reporting obligations. When governance around positions is weak, this complexity grows exponentially. Even flawless payroll systems can’t make up for governance missteps at the outset.

What Drives Audit Risk in Behavioral Health

Regulatory requirements create key vulnerabilities for behavioral health organizations. For example, CCBHC grants demand strict verification of certification eligibility and formal agreements with Designated Collaborating Organizations (DCOs) for clinical services. Federal health center programs also require specific “key management staff” – like a CEO, CFO, or Clinical Director – whose qualifications must be documented. Any changes to these roles often need prior approval from agencies like HRSA.

Auditors pay close attention to level-of-effort requirements, ensuring that the percentage of time key personnel dedicate to grant-funded projects aligns with approved budgets. In fiscal year 2020, SAMHSA awarded about $447 million in CCBHC expansion grants to 166 clinics. However, a September 2023 audit by the HHS Office of Inspector General revealed that in 28 of 30 sampled grants – totaling $79 million – SAMHSA didn’t have adequate systems to confirm that clinics filled key positions on time or that those personnel met level-of-effort requirements. This gap created risks that grant funds might have been misused or overseen by unqualified individuals.

On top of federal oversight, state-level scrutiny has intensified. Agencies like CMS, Medicaid, and OCR now demand real-time, precise documentation, making any governance lapses even more glaring. Although each agency examines staffing differently, they all circle back to the same question: Was this position properly approved, funded, and documented?

These challenges become even more pronounced when roles diverge from their original funding sources.

How Misaligned Positions Create Compounding Problems

When a position shifts away from its original funding source, the problems don’t stay confined – they spread. For instance, a clinician hired under a state mental health grant who gradually transitions to Medicaid-billable services creates misalignment across HR records, grant reports, and billing allocations. High staff turnover – a common challenge in behavioral health – only adds to the risk. Weak governance increases the likelihood that new hires will end up in roles that don’t align with compliance requirements.

For organizations receiving over $1,000,000 in federal awards, program-specific audits are mandatory. In these cases, misaligned positions don’t just result in documentation gaps – they create structural weaknesses that auditors are trained to identify. This makes governance issues not just a compliance risk but a systemic one.

What Auditors Look for Beyond Payroll Reports

Payroll reports may confirm that employees are being paid accurately, but auditors dig deeper. They want to ensure that positions were properly approved, funded, and managed from start to finish. Payroll accuracy alone doesn’t prove that a role was created legitimately. Auditors need formal records showing that positions were approved through the correct channels, tied to appropriate funding, and managed with proper oversight. By examining these areas, they can uncover potential risks and ensure that position governance is solid.

Position Approval Documentation

Auditors require clear documentation that connects every position to its funding source and organizational structure. This includes formal position descriptions that outline the required qualifications, such as training and experience, which must be established before hiring begins. For federally funded programs, organizations must also prove that key personnel – like CEOs, CFOs, and Clinical Directors – meet the necessary qualifications. Any changes to these roles often need prior approval from agencies such as HRSA.

For example, a January 2026 review by the Minnesota Office of the Legislative Auditor revealed that the state’s Behavioral Health Administration paid grantees for work done before grant agreements were finalized. The audit also found a lack of documentation justifying single-source grants. Without records showing statutory authority and position approval, there’s no way to confirm that a role was authorized properly. Auditors want to see the reasoning behind each hire, including the legal authority, funding alignment, and organizational need. Even if payroll is processed correctly, missing approval records can lead to audit risks.

Funding Source Records and Traceability

Auditors also focus on how well funding sources are tracked and connected to specific positions. Financial management systems must clearly identify federal awards and maintain records that link funding sources (receipts) to their applications (expenditures) for federally funded activities. This level of traceability requires detailed general ledger entries, specific grant codes, and regular checks to verify expenditures align with approved funding. Financial reconciliations are critical to catch any differences between approved reimbursements and actual payments.

“The health center’s financial management system must specifically identify in its accounts all Federal awards… and provide for… records that identify the source (receipt) and application (expenditure) of funds for federally-funded activities.”
– Health Resources and Services Administration (HRSA) Compliance Manual 

When a position transitions from one funding source to another – like shifting from a state grant to Medicaid billing – this change must be documented and fully traceable. Auditors expect a complete funding history, not just the current allocation. This is especially important for organizations handling over $1,000,000 in federal awards, as they are subject to program-specific audits. Without this documentation, organizations face significant risks.

Position Lifecycle Documentation

Auditors also examine how well an organization tracks the lifecycle of each position. This includes every stage – creation, approval, hiring, funding changes, and scope adjustments. A centralized audit trail should show that positions were filled on time, met level-of-effort requirements, and adhered to grant terms. For example, the OIG’s 2023 audit highlighted the risks of poor lifecycle documentation. Without proper records, there’s no guarantee that personnel are qualified to manage large grants or that they complied with grant requirements.

Organizations must maintain logs that document supervision, credentialing, and any changes to a position’s scope or funding. This detailed record ensures that every position is properly managed and serves as a critical safeguard against audit findings.

The Governance Gap: When HR, Finance, and Payroll Work in Silos

When position governance lacks cohesion, siloed operations amplify audit risks.

In many behavioral health organizations, there’s no single system of record for managing positions. HR may track headcount in one platform, Finance keeps tabs on the budget in another, and Payroll handles transactions in yet another. This fragmented setup means no single department holds a complete, reliable record. The result? A lack of transparency that weakens position control.

This disconnection creates vulnerabilities. For example, if HR approves a hire without confirming available funding or fails to update records after a grant change, the organization’s audit risk increases. Similarly, when Payroll processes overtime to fill a vacancy, Finance may lose sight of whether labor costs align with the approved budget. This disconnect leads to a governance gap – a weak spot that auditors are quick to identify.

“Organizations that struggle with fragmented workflows, siloed teams, or outdated procedures are often vulnerable to the kinds of compliance threats that quietly build over time and later trigger high-stakes reviews.”
– John Lynch & Associates 

Recent audits underscore this issue. A 2023 OIG audit of SAMHSA’s CCBHC grants revealed how fragmented policies can obscure compliance issues. Similarly, a 2026 performance audit of the Minnesota Behavioral Health Administration showed that siloed systems delayed the detection of financial discrepancies. These weren’t Payroll-specific errors – they were failures in cross-departmental coordination.

Without alignment across HR, Finance, and Payroll, organizations struggle to demonstrate proper approval, funding, and management of positions. Up next, we’ll explore how strong position governance can close these gaps and reduce audit risks.

How Position Governance Reduces Audit Risk

Position governance plays a critical role in reducing audit risk by ensuring control is established right from the start of a role’s lifecycle. By formalizing how positions are approved, funded, and tracked, organizations move away from reactive compliance and toward proactive risk management.

What Strong Position Governance Includes

Effective governance begins with formal position approvals tied directly to funding. This means no hiring happens unless a role is linked to an approved budget. It also requires documenting the level of effort needed to comply with federal grant terms – something recent audits have highlighted as essential. Even the most advanced payroll systems can’t replace the need for clear, fund-aligned governance.

To ensure full accountability, organizations must document the entire lifecycle of every position. Auditors don’t just want to see current payroll data – they expect a complete history. When was the position approved? What funding source supported it? Has that funding changed over time? Strong governance ensures that records answer these questions, with documentation that tracks both the receipt and application of funds, backed by source materials that verify authorizations and obligations.

“The health center must maintain effective control over, and accountability for, all funds, property, and other assets in order to adequately safeguard all such assets and ensure that they are used solely for authorized purposes.” – Health Resources & Services Administration (HRSA) 

Centralized documentation also eliminates the chaos of scattered records. When supervision logs, credentialing files, and position approvals are stored in a single, searchable system, organizations can handle audit requests without scrambling across departments. This unified approach doesn’t just streamline audits – it demonstrates clear control and accountability.

By focusing on approvals, funding alignment, and comprehensive documentation, organizations can achieve more than just audit readiness – they set the foundation for operational and financial improvements.

Benefits Beyond Audit Readiness

The advantages of position governance extend far beyond preparing for audits. One key benefit is improved budget visibility. With labor costs tied to specific funding sources and available in real time, Finance teams can better manage resources. This is especially critical for organizations with tight cash reserves – 42% of health centers operate with 90 days or less of cash on hand. Given that labor is often the largest expense, accuracy and transparency are essential.

Governance also enables early detection of labor variances. For example, if overtime starts to cover a structural vacancy or if a position shifts from its intended cost center, Finance can catch these issues mid-cycle. Addressing misalignments early prevents them from escalating into larger problems during year-end reconciliations.

Another benefit is stronger program alignment. Governance ensures that roles are properly authorized and payroll is allocated to the correct funding streams. For instance, grant segment codes prevent Medicaid-funded roles from being mistakenly charged to Section 330 grants – or vice versa. This is crucial, as Medicaid accounts for about 43% of FQHC operating revenue, while Section 330 grants contribute 11%. Misallocations in these areas can lead to significant audit risks.

Perhaps most importantly, strong governance builds board-level confidence. When executives can prove that every position is approved, properly funded, and fully traceable, they demonstrate financial discipline that safeguards both the organization’s mission and its sustainability. By embedding these practices, organizations not only reduce audit risk but also strengthen their overall financial health – laying the groundwork for broader risk management strategies.

Conclusion: Audit Control Begins with Position Governance

To address the risks discussed earlier, audit control must start well before payroll processing ever begins. Payroll compliance is the result of decisions made upstream – when positions are created and approved. By the time payroll runs, any governance missteps have already taken root. If a position wasn’t properly authorized, tied to a funding source, or backed by the right qualifications, payroll accuracy becomes a moot point. The risk was embedded long before the first paycheck was issued.

As mentioned earlier, weak position governance leaves organizations vulnerable to audit risks that payroll processes alone cannot fix. On the other hand, strong position governance ensures that every role is authorized, funded, and traceable before any payroll activity occurs. It’s the difference between scrambling to address audit findings and proactively avoiding them altogether. For example, the September 2023 OIG audit highlighted governance failures that originated upstream, not during payroll processing.

“Audit readiness is no longer about scrambling before a scheduled review, it’s about being prepared all the time.” – John Lynch & Associates 

If an audit happened tomorrow, could you provide approval documentation for every role? Could you trace each position back to its funding source? Could you confirm that key personnel fulfilled their required time commitments? If you’re unsure, your organization may be at risk.

Given these vulnerabilities, now is the time to reassess and improve your position governance strategies. Consider conducting a Position Governance Audit to evaluate your current processes. This isn’t about achieving perfection – it’s about creating systems that safeguard your organization’s ability to serve your community with confidence and fiscal responsibility.

FAQs

What is “position governance” in audit terms?

Position governance in audit terms refers to the organized management of roles to guarantee they are appropriately approved, funded, and documented throughout their entire lifecycle. This process establishes a dependable audit trail by keeping detailed records of position approvals, funding sources, and any changes over time.

This approach ensures that roles are created and maintained only with proper authorization, aligning staffing levels with funding and compliance mandates. This is especially important in fields like behavioral health, where funding mechanisms and regulatory oversight can be highly intricate.

What documents prove a position was approved and properly funded?

When proving that a position was approved and funded, certain documents are key. These typically include formal approval records, funding documentation linked to specific sources, and centralized position control records. For example, signed approval forms, official budget allocation statements, and position lifecycle records all play a role in this process.

These documents are essential for maintaining compliance and ensuring traceability. They create a historical audit trail that’s especially important in settings like behavioral health, where funding often involves grants or Medicaid. Proper documentation helps demonstrate that everything was approved and funded correctly, even in complex financial arrangements.

How can we spot position-to-funding drift before an audit?

To catch position-to-funding drift early, shift your attention to upstream governance instead of focusing solely on payroll accuracy. Start by ensuring that all positions are properly approved, funded, and documented from the outset.

Here’s how you can stay ahead:

  • Set up systems that monitor key details like approval status, funding sources, and any changes to roles.
  • Perform routine audits to check for alignment between position histories and their funding.
  • Keep centralized records for everything – this creates a clear and reliable audit trail. Avoid depending on informal tools like emails or spreadsheets, as they can lead to gaps in documentation.

By tightening these processes, you’ll reduce the risk of discrepancies when audit time rolls around.

About the Author

Dylan Souza

Dylan Souza is the Vice President of Marketing at ContinuumCloud, where he leads strategic marketing initiatives across behavioral health and human services. With deep expertise in SaaS go-to-market strategies, demand generation, and industry event marketing, Dylan is passionate about connecting organizations with the right technology to drive better outcomes. He brings a data-driven, customer-centric approach to storytelling and brand growth.